CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

EUVD-2026-33487

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

PT-2026-45170

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign auth cookie of the file application/controllers/Login.php of the component MY Controller. Executing a manipulation of the...

CVE-2026-9409

Sushmi-pal Invoice-System contains a flaw in the User Management Handler, affecting an unknown portion of the /user file. Manipulation of the role argument allows improper authorization, enabling a remote attack. The exploit has been published, and the product uses a rolling release with no versi...

CVE-2026-9409 Sushmi-pal Invoice-System User Management user improper authorization

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...

CVE-2026-9409

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...

PT-2026-42980

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...

CVE-2026-6571

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument grouprole can lead to authorization bypass. The attack may be launched...

Exploit for CVE-2026-4484

CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVE-2026-4548

CVE-2026-4548 affects mickasmt next-saas-stripe-starter 1.0.0. The vulnerable component is the function updateUserrole in actions/update-user-role.ts, where manipulation of arguments userId/role leads to improper authorization. The impact is described as remote exploit with network access; the vu...

CVE-2026-31874

Technical details about this CVE are not publicly provided in the supplied documents; monitor for updates.

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVE-2021-27394

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.19, Mendix Applications using Mendix 8 All versions V8.17.0, Mendix Applications using Mendix 8 V8.12 All versions V8.12.5, Mendix Applications using Mendix 8 V8.6 All versions V8.6.9, Mendix Applications...

PT-2025-53323

V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user role mod' set to integer value...